Accessing data from external sources is a common pattern. Unless the external data source allows anonymous access, chances are you need to secure your connection with a credential, secret, or connection string.

Synapse uses Azure Active Directory (AAD) passthrough by default for authentication between resources. If you need to connect to a resource using other credentials, use the TokenLibrary directly. The TokenLibrary simplifies the process of retrieving SAS tokens, AAD tokens, connection strings, and secrets stored in a linked service or from an Azure Key Vault.

AAD passthrough uses permissions assigned to you as a user in AAD, rather than permissions assigned to Synapse or a separate service principal. For example, if you want to use AAD passthrough to access a blob in a storage account, then you should go to that storage account and assign the blob contributor role to yourself.

When retrieving secrets from Azure Key Vault, we recommend creating a linked service to your Azure Key Vault. Ensure that the Synapse workspace managed service identity (MSI) has Secret Get privileges on your Azure Key Vault. Synapse will authenticate to Azure Key Vault using the Synapse workspace managed service identity. If you connect directly to Azure Key Vault without a linked service, you will authenticate using your user Azure Active Directory credential.

For more information, see linked services.

This function displays the help documentation for the TokenLibrary.

Synapse provides an integrated linked services experience when connecting to Azure Data Lake Storage Gen2. Linked Services can be configured to authenticate using an Account Key, Service Principal, Managed Identity, or Credential. When the linked service authentication method is set to Account Key, the linked service will authenticate using the provided storage account key, request a SAS key, and automatically apply it to the storage request using the LinkedServiceBasedSASProvider. Synapse allows users to set the linked service for a particular storage account. This makes it possible to read/write data from multiple storage accounts in a single Spark application/query.